Would like to first determine which devices have the employee as a local admin and then remove those rights. I see script for the Removal of Admin Rights but I need to know how to determine which ones have that scenario. Is there a process already establish for this?
0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity


Hello, You would need to create a Custom Inventory Rule to accomplish this, executing maybe a wmic command or a VBS script. You could use this with ShellCommandReturnText (cmd /c NET LOCALGROUP Administrators) on a Custom Inventory Rules or distribute a BAT with the follow:

    FOR /F "delims=[]" %%A IN ('NET LOCALGROUP Administrators ˆ| FIND /N "----"') DO SET HeaderLines=%%A
    FOR /F "tokens=*"  %%A IN ('NET LOCALGROUP Administrators') DO SET FooterLine=%%A
    NET LOCALGROUP Administrators | MORE /E +%HeaderLines% | FIND /V "%FooterLine%"

Then execute the ShellComandReturnText
Answered 09/15/2016 by: Ericenri
Senior Purple Belt

Please log in to comment
see this to create the CIR's

then all you need is a kscript to run a
net user [<UserName> [/delete]]

if you want to remove admin rights from the current logged in user you can us this script (run as system)

if you want to add admin rights from the current logged in user you can us this script (run as system)

Answered 09/19/2016 by: SMal.tmcc
Red Belt

Please log in to comment
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja